Life is slowly returning to some kind of normal. Not as quickly as we may have liked but it’s getting there! This means that people are heading back to work places. However, there is no doubt that the pandemic has altered attitudes towards remote working or working from home. Deioitte has announced that it’s 20,000 staff can chose to work from home permanently. Accountancy firm EY (formerly Ernst and Young) have said workers ‘will be expected to work 2 days a week from home’. Google expects 20% of it’s staff to work from home permanently in the future. Numerous others are moving to a hybrid model.
Small businesses are faced with the same decision. Work from home, work from the office or offer both – hybrid working. It’s likely businesses will have some people working remotely some of the time. There have been lots of words written about the advantages and disadvantages of the various ways of working. But we’ve seen little focused on how they affect cyber security. But you need to make new arrangements to secure remote working.
What Is The Issue?
If you were an office based company with no remote workers prior to the pandemic then your security was probably focused on the network. Think of this as building a big wall around all of your devices to keep cyber criminals out. You control the internet connection, this runs through your firewall which blocks ‘bad’ traffic. Antivirus and Antimalware products are managed at a network level. As is email filtering.
This was perfectly sensible. However the problems start to arise as soon as devices are taken outside the network. The home internet (or much, much worse the one at the local Coffee Shop) do not have the protection your business connection does. Suddenly staff are working outside all of your security controls. Your reliant on the basic antivirus on the machine – and this is not robust enough for most business. And certainly shouldn’t be trusted as the main or only source of protection.
Further problems arise when people use these open networks then come back to the office. As soon as they plug in they are behind all your network defences. Anything nasty they’ve picked up is inside your network. This could lay dormant for months until the bad guys use it to launch an attack.
What Can You Do To Secure Remote Working?
A lot of people moved to remote working quickly in March last year. A lot of what we call ‘sticky plaster’ solutions were put in place. If you are now looking to move to a long term work from home or hybrid arrangement you need to review your cyber security policies against the risks this presents.
We’d recommend getting some expert help. We offer a free cyber security assessment to business in the East Midlands. It’s easy to book and we’ll leave you with a comprehensive report detailing the actions you need to take. We’re not the only one’s. Lots of other MSP’s offer similar. We guarantee no hard sell of our solutions – most don’t!
But there are some simple things you can do today that will make you more secure.
Set Up Password Management
Weak passwords are huge security risk. But remembering lots of complex passwords can seem impossible. Utilise Password Management software and individuals need only remember one password. The Password Manager will generate strong passwords for sites and then store them in an encrypted vault. It then auto fills them as you use the site. Our recommended password manager has some additional nifty features. If you’ve been storing your passwords in your browser (please don’t!) then you can transfer them straight into your new vault. These passwords will then be audited and you’ll be encouraged to change weak and reused passwords. These improves security immediately.
Turn on Multi-Factor Authentication
Our next tip to secure remote working is to turn on MFA wherever it is available. The majority of accounts have an MFA or 2FA (Two Factor Authentication) option, you just need to enable it. Microsoft 365, Google, even Facebook, LinkedIn and Twitter all offer MFA. Most of your cloud based business software will to.
Divide Between Work and Pleasure
Ideally you should not ask (or allow) a member of staff to use their own PC for work activity. Get them a laptop that is set up by your IT department and locked down in regards to what can be installed on it. Have staff sign an acceptable usage policy that states that includes that nobody can use the machine for non-business purposes. A further policy should stipulate that you NEVER connect to an open WiFi connection.
Train Your Staff
It’s the number one thing that will improve your cyber security anyway, but if you’re moving to hybrid or remote working get some training in place! The best options provide ongoing training via short video training sessions and simulated attacks to check knowledge. Whilst a one-off training session can be useful a long session packed with information will soon be forgotten.
Consider training staff how to configure their router at home. This can improve performance and enhance security. A win-win for both the business and the employee.
Consider A VPN
Our final tip to secure remote working is to use a virtual private network or VPN. A VPN extends a private network, like the one in your business, across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
We’ve got a much more detailed article on VPN’s but if you’re going to have remote workers in the long time it becomes a ‘must have’ rather than a ‘nice to have’.
How We Can Help
If you’re changing the way you work don’t neglect your cyber security arrangements. It’s probably the last thing you want to think about as you get used to the new normal and concentrate on building business again. But a cyber attack can be devastating to any business, large or small. Rather than worrying about do something practical, and then let us do the heavy lifting! You can book onto out next Cyber Security Webinar for further hints and tips on securing yourself, book a free Cyber Security Assessment through our calendar or just get in touch on 0115 8220200 or with our contact form for an informal chat about your security and IT arrangements.
